diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..b4e5eb7 --- /dev/null +++ b/conf/app.src @@ -0,0 +1,3 @@ +SOURCE_URL=https://static.wallabag.org/releases/wallabag-release-2.2.2.tar.gz +SOURCE_SUM=40d98bd556116dbc28f92339f0e5b93836ece87dcb01e7aaa628ea98855a1f51 +ARCH_FORMAT=tar.gz \ No newline at end of file diff --git a/conf/nginx_sub_dir.conf b/conf/nginx.conf similarity index 67% rename from conf/nginx_sub_dir.conf rename to conf/nginx.conf index 1298c2b..3fc9825 100644 --- a/conf/nginx_sub_dir.conf +++ b/conf/nginx.conf @@ -1,19 +1,19 @@ -location {LOCATION}/ { - alias {DESTDIR}/web/; +location __PATH__/ { + alias __FINALPATH__/web/; if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } - try_files $uri @{APP}; + try_files $uri @__NAME__; - location ~ ^{PATH}/app\.php(/|$) { + location ~ ^__PATH__/app\.php(/|$) { include fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param REMOTE_USER $remote_user; - fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_intercept_errors on; } @@ -27,11 +27,11 @@ location {LOCATION}/ { include conf.d/yunohost_panel.conf.inc; } -location @{APP} { - rewrite ^ {PATH}/app.php/$is_args$args; +location @__NAME__ { + rewrite ^ __PATH__/app.php/$is_args$args; } -location {LOCATION} { - return 301 {LOCATION}/; -} +#noroot location __PATH__ { +#noroot return 301 __PATH__/; +#noroot } diff --git a/conf/nginx_root.conf b/conf/nginx_root.conf deleted file mode 100644 index dd9a9eb..0000000 --- a/conf/nginx_root.conf +++ /dev/null @@ -1,32 +0,0 @@ -location {LOCATION} { - alias {DESTDIR}/web/; - - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - - try_files $uri @{APP}; - - location ~ ^{PATH}/app\.php(/|$) { - include fastcgi_params; - fastcgi_split_path_info ^(.+\.php)(/.*)$; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; - fastcgi_intercept_errors on; - } - - # return 404 for all other php files not matching the front controller - # this prevents access to other php files you don't want to be accessible. - location ~ \.php$ { - return 404; - } - - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; -} - -location @{APP} { - rewrite ^ {PATH}/app.php/$is_args$args; -} diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 78d3439..a5e90a4 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,7 +1,7 @@ ; Start a new pool named 'www'. ; the variable $pool can we used in any directive and will be replaced by the ; pool name ('www' here) -[{POOLNAME}] +[__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: @@ -19,8 +19,8 @@ ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = {USER} -group = {USER} +user = __USER__ +group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -30,7 +30,7 @@ group = {USER} ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-{POOLNAME}.sock +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) @@ -340,7 +340,7 @@ request_terminate_timeout = 1d ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = {DESTDIR} +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. diff --git a/scripts/_common.sh b/scripts/_common.sh index 58d8c12..ac4de90 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -2,28 +2,9 @@ # Common variables # -# Wallabag version -VERSION="2.2.2" - # Package dependencies PKG_DEPENDENCIES="php5-cli php5-mysql php5-json php5-gd php5-tidy php5-curl php-gettext redis-server" -# Full Wallabag sources tarball URL -WALLABAG_SOURCE_URL="https://static.wallabag.org/releases/wallabag-release-${VERSION}.tar.gz" - -# Full Wallabag sources tarball checksum -WALLABAG_SOURCE_SHA256="40d98bd556116dbc28f92339f0e5b93836ece87dcb01e7aaa628ea98855a1f51" - -# App package root directory should be the parent folder -PKGDIR=$(cd ../; pwd) - -# -# Common helpers -# - -# Source app helpers -. /usr/share/yunohost/helpers - # Execute a command as another user # usage: exec_as USER COMMAND [ARG ...] exec_as() { @@ -47,29 +28,6 @@ exec_console() { exec_as "$AS_USER" php "$WORKDIR/bin/console" --no-interaction --env=prod "$@" } -# Download and extract Wallabag sources to the given directory -# usage: extract_wallabag DESTDIR [AS_USER] -extract_wallabag() { - local DESTDIR=$1 - local AS_USER=${2:-$USER} - - # retrieve and extract Roundcube tarball - wb_tarball="/tmp/wallabag.tar.gz" - rm -f "$wb_tarball" - wget -q -O "$wb_tarball" "$WALLABAG_SOURCE_URL" \ - || ynh_die "Unable to download Wallabag tarball" - echo "$WALLABAG_SOURCE_SHA256 $wb_tarball" | sha256sum -c >/dev/null \ - || ynh_die "Invalid checksum of downloaded tarball" - exec_as "$AS_USER" tar xf "$wb_tarball" -C "$DESTDIR" --strip-components 1 \ - || ynh_die "Unable to extract Wallabag tarball" - rm -f "$wb_tarball" - - # apply patches - (cd "$DESTDIR" \ - && for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \ - || ynh_die "Unable to apply patches to Wallabag" -} - WARNING () { # Print on error output $@ >&2 } @@ -96,11 +54,6 @@ CHECK_SIZE () { # Check if enough disk space available on backup storage fi } -CHECK_USER () { # Check user validity -# $1 = User - ynh_user_exists "$1" || ynh_die "Wrong user" -} - CHECK_DOMAINPATH () { # Check domain/path availability sudo yunohost app checkurl $domain$path_url -a $app } @@ -110,36 +63,6 @@ CHECK_FINALPATH () { # Check if destination directory already exists test ! -e "$final_path" || ynh_die "This path already contains a folder" } - -BACKUP_FAIL_UPGRADE () { - WARNING echo "Upgrade failed." - app_bck=${app//_/-} # Replace all '_' by '-' - if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number; then # Check if existing archive before removing app and restoring - sudo yunohost app remove $app # Remove app before restoring it - sudo yunohost backup restore --ignore-hooks $app_bck-pre-upgrade$backup_number --apps $app --force # Restore the backup if upgrade failed - ynh_die "The app was restored to the way it was before the failed upgrade." - fi -} - -BACKUP_BEFORE_UPGRADE () { # Backup the current version of the app, restore it if the upgrade fails - backup_number=1 - old_backup_number=2 - app_bck=${app//_/-} # Replace all '_' by '-' - if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1; then # Check for existing archive numbered 1 - backup_number=2 # And change archive number to 2 - old_backup_number=1 - fi - - sudo yunohost backup create --ignore-hooks --apps $app --name $app_bck-pre-upgrade$backup_number # Create a backup different from the existing one - if [ "$?" -eq 0 ]; then # If backup succfessful, delete former archive - if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number; then # Check for existing archive before removing it - QUIET sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number - fi - else # If backup failed - ynh_die "Backup failed, the upgrade process was aborted." - fi -} - #================================================= # FUTURE YUNOHOST HELPERS - TO BE REMOVED LATER #================================================= @@ -341,4 +264,295 @@ ynh_system_user_delete () { else echo "The user $1 was not found" >&2 fi +} + +# Restore a previous backup if the upgrade process failed +# +# usage: +# ynh_backup_before_upgrade +# ynh_clean_setup () { +# ynh_backup_after_failed_upgrade +# } +# ynh_abort_if_errors +# +ynh_backup_after_failed_upgrade () { + echo "Upgrade failed." >&2 + app_bck=${app//_/-} # Replace all '_' by '-' + # Check if a existing backup can be found before remove and restore the application. + if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number + then + # Remove the application then restore it + sudo yunohost app remove $app + # Restore the backup if the upgrade failed + sudo yunohost backup restore --ignore-hooks $app_bck-pre-upgrade$backup_number --apps $app --force + ynh_die "The app was restored to the way it was before the failed upgrade." + fi +} + +# Make a backup in case of failed upgrade +# +# usage: +# ynh_backup_before_upgrade +# ynh_clean_setup () { +# ynh_backup_after_failed_upgrade +# } +# ynh_abort_if_errors +# +ynh_backup_before_upgrade () { + backup_number=1 + old_backup_number=2 + app_bck=${app//_/-} # Replace all '_' by '-' + # Check if a backup already exist with the prefix 1. + if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1 + then + # Prefix become 2 to preserve the previous backup + backup_number=2 + old_backup_number=1 + fi + + # Create another backup + sudo yunohost backup create --ignore-hooks --apps $app --name $app_bck-pre-upgrade$backup_number + if [ "$?" -eq 0 ] + then + # If the backup succedded, remove the previous backup + if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number + then + # Remove the previous backup only if it exists + sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null + fi + else + ynh_die "Backup failed, the upgrade process was aborted." + fi +} + +# Create a dedicated nginx config +# +# usage: ynh_add_nginx_config +ynh_add_nginx_config () { + finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" + ynh_backup_if_checksum_is_different "$finalnginxconf" 1 + sudo cp ../conf/nginx.conf "$finalnginxconf" + + # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. + # Substitute in a nginx config file only if the variable is not empty + if test -n "${path_url:-}"; then + ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf" + fi + if test -n "${domain:-}"; then + ynh_replace_string "__DOMAIN__" "$domain" "$finalnginxconf" + fi + if test -n "${port:-}"; then + ynh_replace_string "__PORT__" "$port" "$finalnginxconf" + fi + if test -n "${app:-}"; then + ynh_replace_string "__NAME__" "$app" "$finalnginxconf" + fi + if test -n "${final_path:-}"; then + ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf" + fi + ynh_store_file_checksum "$finalnginxconf" + + sudo systemctl reload nginx +} + +# Remove the dedicated nginx config +# +# usage: ynh_remove_nginx_config +ynh_remove_nginx_config () { + ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" + sudo systemctl reload nginx +} + +# Create a dedicated php-fpm config +# +# usage: ynh_add_fpm_config +ynh_add_fpm_config () { + finalphpconf="/etc/php5/fpm/pool.d/$app.conf" + ynh_backup_if_checksum_is_different "$finalphpconf" 1 + sudo cp ../conf/php-fpm.conf "$finalphpconf" + ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" + ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf" + ynh_replace_string "__USER__" "$app" "$finalphpconf" + sudo chown root: "$finalphpconf" + ynh_store_file_checksum "$finalphpconf" + + if [ -e "../conf/php-fpm.ini" ] + then + finalphpini="/etc/php5/fpm/conf.d/20-$app.ini" + ynh_backup_if_checksum_is_different "$finalphpini" 1 + sudo cp ../conf/php-fpm.ini "$finalphpini" + sudo chown root: "$finalphpini" + ynh_store_file_checksum "$finalphpini" + fi + + sudo systemctl reload php5-fpm +} + +# Remove the dedicated php-fpm config +# +# usage: ynh_remove_fpm_config +ynh_remove_fpm_config () { + ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf" + ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" 2>&1 + sudo systemctl reload php5-fpm +} + +# Calculate and store a file checksum into the app settings +# +# $app should be defined when calling this helper +# +# usage: ynh_store_file_checksum file +# | arg: file - The file on which the checksum will performed, then stored. +ynh_store_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_set $app $checksum_setting_name $(sudo md5sum "$1" | cut -d' ' -f1) +} + +# Verify the checksum and backup the file if it's different +# This helper is primarily meant to allow to easily backup personalised/manually +# modified config files. +# +# $app should be defined when calling this helper +# +# usage: ynh_backup_if_checksum_is_different file [compress] +# | arg: file - The file on which the checksum test will be perfomed. +# | arg: compress - 1 to compress the backup instead of a simple copy +# A compression is needed for a file which will be analyzed even if its name is different. +# +# | ret: Return the name a the backup file, or nothing +ynh_backup_if_checksum_is_different () { + local file=$1 + local compress_backup=${2:-0} # If $2 is empty, compress_backup will set at 0 + local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_' + local checksum_value=$(ynh_app_setting_get $app $checksum_setting_name) + if [ -n "$checksum_value" ] + then # Proceed only if a value was stored into the app settings + if ! echo "$checksum_value $file" | sudo md5sum -c --status + then # If the checksum is now different + backup_file="$file.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" + if [ $compress_backup -eq 1 ] + then + sudo tar --create --gzip --file "$backup_file.tar.gz" "$file" # Backup the current file and compress + backup_file="$backup_file.tar.gz" + else + sudo cp -a "$file" "$backup_file" # Backup the current file + fi + echo "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file" >&2 + echo "$backup_file" # Return the name of the backup file + fi + fi +} + +YNH_EXECUTION_DIR=$(pwd) +# Download, check integrity, uncompress and patch the source from app.src +# +# The file conf/app.src need to contains: +# +# SOURCE_URL=Address to download the app archive +# SOURCE_SUM=Control sum +# # (Optional) Programm to check the integrity (sha256sum, md5sum$YNH_EXECUTION_DIR/...) +# # default: sha256 +# SOURCE_SUM_PRG=sha256 +# # (Optional) Archive format +# # default: tar.gz +# SOURCE_FORMAT=tar.gz +# # (Optional) Put false if source are directly in the archive root +# # default: true +# SOURCE_IN_SUBDIR=false +# # (Optionnal) Name of the local archive (offline setup support) +# # default: ${src_id}.${src_format} +# SOURCE_FILENAME=example.tar.gz +# +# Details: +# This helper download sources from SOURCE_URL if there is no local source +# archive in /opt/yunohost-apps-src/APP_ID/SOURCE_FILENAME +# +# Next, it check the integrity with "SOURCE_SUM_PRG -c --status" command. +# +# If it's ok, the source archive will be uncompress in $dest_dir. If the +# SOURCE_IN_SUBDIR is true, the first level directory of the archive will be +# removed. +# +# Finally, patches named sources/patches/${src_id}-*.patch and extra files in +# sources/extra_files/$src_id will be applyed to dest_dir +# +# +# usage: ynh_setup_source dest_dir [source_id] +# | arg: dest_dir - Directory where to setup sources +# | arg: source_id - Name of the app, if the package contains more than one app +ynh_setup_source () { + local dest_dir=$1 + local src_id=${2:-app} # If the argument is not given, source_id equal "app" + + # Load value from configuration file (see above for a small doc about this file + # format) + local src_url=$(grep 'SOURCE_URL=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) + local src_sum=$(grep 'SOURCE_SUM=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) + local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) + local src_format=$(grep 'SOURCE_FORMAT=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) + local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) + local src_filename=$(grep 'SOURCE_FILENAME=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) + + # Default value + src_sumprg=${src_sumprg:-sha256sum} + src_in_subdir=${src_in_subdir:-true} + src_format=${src_format:-tar.gz} + src_format=$(echo "$src_format" | tr '[:upper:]' '[:lower:]') + if [ "$src_filename" = "" ] ; then + src_filename="${src_id}.${src_format}" + fi + local local_src="/opt/yunohost-apps-src/${YNH_APP_ID}/${src_filename}" + + if test -e "$local_src" + then # Use the local source file if it is present + cp $local_src $src_filename + else # If not, download the source + wget -nv -O $src_filename $src_url + fi + + # Check the control sum + echo "${src_sum} ${src_filename}" | ${src_sumprg} -c --status \ + || ynh_die "Corrupt source" + + # Extract source into the app dir + mkdir -p "$dest_dir" + if [ "$src_format" = "zip" ] + then + # Zip format + # Using of a temp directory, because unzip doesn't manage --strip-components + if $src_in_subdir ; then + local tmp_dir=$(mktemp -d) + unzip -quo $src_filename -d "$tmp_dir" + cp -a $tmp_dir/*/. "$dest_dir" + ynh_secure_remove "$tmp_dir" + else + unzip -quo $src_filename -d "$dest_dir" + fi + else + local strip="" + if $src_in_subdir ; then + strip="--strip-components 1" + fi + if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]] ; then + tar -xf $src_filename -C "$dest_dir" $strip + else + ynh_die "Archive format unrecognized." + fi + fi + + # Apply patches + if (( $(find $YNH_EXECUTION_DIR/../sources/patches/ -type f -name "${src_id}-*.patch" 2> /dev/null | wc -l) > "0" )); then + local old_dir=$(pwd) + (cd "$dest_dir" \ + && for p in $YNH_EXECUTION_DIR/../sources/patches/${src_id}-*.patch; do \ + patch -p1 < $p; done) \ + || ynh_die "Unable to apply patches" + cd $old_dir + fi + + # Add supplementary files + if test -e "$YNH_EXECUTION_DIR/../sources/extra_files/${src_id}"; then + cp -a $YNH_EXECUTION_DIR/../sources/extra_files/$src_id/. "$dest_dir" + fi + } \ No newline at end of file diff --git a/scripts/install b/scripts/install index dea9ffd..5ea0465 100644 --- a/scripts/install +++ b/scripts/install @@ -31,7 +31,6 @@ admin=$YNH_APP_ARG_ADMIN # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -CHECK_USER "$admin" # Check if admin user exists path_url=$(ynh_normalize_url_path $path_url) # Check and normalize path CHECK_DOMAINPATH # Check domain and path availability CHECK_FINALPATH # Check if destination directory is not already in use @@ -76,7 +75,7 @@ ynh_mysql_create_db "$db_name" "$db_user" "$dbpass" ynh_app_setting_set $app final_path "$final_path" # Create tmp directory and fetch app inside TMPDIR=$(mktemp -d) -extract_wallabag "$TMPDIR" +ynh_setup_source "$TMPDIR" #================================================= # CREATE DEDICATED USER @@ -125,25 +124,21 @@ ynh_mysql_connect_as "$db_name" "$dbpass" "$db_user" <<< "UPDATE craue_config_s # NGINX CONFIGURATION #================================================= -# Copy and set nginx configuration -if [[ "$path_url" == "/" ]] ; then - nginx_conf=$PKGDIR/conf/nginx_root.conf +ynh_add_nginx_config +if [ "$path_url" = "/" ] +then + # Remove prefix on #noroot lines + sudo sed --in-place '/#noroot*/d' /etc/nginx/conf.d/$domain.d/$app.conf + # Replace "//" location (due to nginx template) + ynh_replace_string " // " " / " /etc/nginx/conf.d/$domain.d/$app.conf else - nginx_conf=$PKGDIR/conf/nginx_sub_dir.conf + # Remove #noroot lines + ynh_replace_string "#noroot" "" /etc/nginx/conf.d/$domain.d/$app.conf fi -ynh_replace_string "{LOCATION}" "${path_url:-/}" "$nginx_conf" -ynh_replace_string "{PATH}" "$path_url" "$nginx_conf" -ynh_replace_string "{DESTDIR}" "$final_path" "$nginx_conf" -ynh_replace_string "{POOLNAME}" "$app" "$nginx_conf" -ynh_replace_string "{APP}" "$app" "$nginx_conf" -sudo cp "$nginx_conf" "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" # Copy and set php-fpm configuration -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -ynh_replace_string "{POOLNAME}" "${app}" "$PKGDIR/conf/php-fpm.conf" -ynh_replace_string "{DESTDIR}" "${final_path}" "$PKGDIR/conf/php-fpm.conf" -ynh_replace_string "{USER}" "${app}" "$PKGDIR/conf/php-fpm.conf" -sudo cp $PKGDIR/conf/php-fpm.conf "$phpfpm_conf" +ynh_add_fpm_config # Set SSOwat rules ynh_app_setting_set "$app" unprotected_uris "/" diff --git a/scripts/remove b/scripts/remove index 56038a4..1271ec1 100644 --- a/scripts/remove +++ b/scripts/remove @@ -45,10 +45,9 @@ ynh_secure_remove "/var/www/$app" #================================================= # REMOVE NGINX AND PHP-FPM CONFIGURATION #================================================= -# Delete app directory and configurations -sudo rm -rf "/var/www/${app}" -sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" -[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" + +ynh_remove_fpm_config +ynh_remove_nginx_config # Reload services sudo systemctl restart php5-fpm diff --git a/scripts/upgrade b/scripts/upgrade index e9761ee..6802efd 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -53,9 +53,9 @@ db_user="$db_name" # MANAGE SCRIPT FAILURE #================================================= -BACKUP_BEFORE_UPGRADE # Backup the current version of the app +ynh_backup_before_upgrade # Backup the current version of the app ynh_clean_setup () { - BACKUP_FAIL_UPGRADE + ynh_backup_after_failed_upgrade } ynh_abort_if_errors # Stop script if an error is detected @@ -71,7 +71,7 @@ ynh_install_app_dependencies "$PKG_DEPENDENCIES" # Create tmp directory and fetch app inside TMPDIR=$(ynh_mkdir_tmp) -extract_wallabag "$TMPDIR" +ynh_setup_source "$TMPDIR" #================================================= # CREATE DEDICATED USER @@ -92,8 +92,9 @@ ynh_replace_string "{DBPASS}" "${dbpass}" "$wb_conf" ynh_replace_string "{DESKEY}" "${deskey}" "$wb_conf" # Replace files and set permissions -ynh_secure_remove "${final_path}" -sudo mv "$TMPDIR" "${final_path}" +ynh_secure_remove "${final_path}/var/cache" +sudo mkdir "${final_path}/var/cache" +sudo rsync -a $TMPDIR/* "${final_path}" sudo chown -R $app: "${final_path}" sudo chmod 755 $final_path @@ -108,26 +109,21 @@ ynh_mysql_connect_as "$db_name" "$dbpass" "$db_user" <<< "UPDATE craue_config_s # NGINX CONFIGURATION #================================================= -# Copy and set nginx configuration -if [[ "$path_url" == "/" ]] ; then - nginx_conf=$PKGDIR/conf/nginx_root.conf +ynh_add_nginx_config +if [ "$path_url" = "/" ] +then + # Remove prefix on #noroot lines + sudo sed --in-place '/#noroot*/d' /etc/nginx/conf.d/$domain.d/$app.conf + # Replace "//" location (due to nginx template) + ynh_replace_string " // " " / " /etc/nginx/conf.d/$domain.d/$app.conf else - nginx_conf=$PKGDIR/conf/nginx_sub_dir.conf + # Remove #noroot lines + ynh_replace_string "#noroot" "" /etc/nginx/conf.d/$domain.d/$app.conf fi -ynh_replace_string "{LOCATION}" "${path_url:-/}" "$nginx_conf" -ynh_replace_string "{PATH}" "$path_url" "$nginx_conf" -ynh_replace_string "{DESTDIR}" "$final_path" "$nginx_conf" -ynh_replace_string "{POOLNAME}" "$app" "$nginx_conf" -ynh_replace_string "{APP}" "$app" "$nginx_conf" -sudo cp "$nginx_conf" "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" # Copy and set php-fpm configuration -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -ynh_replace_string "{POOLNAME}" "${app}" "$PKGDIR/conf/php-fpm.conf" -ynh_replace_string "{DESTDIR}" "${final_path}" "$PKGDIR/conf/php-fpm.conf" -ynh_replace_string "{USER}" "${app}" "$PKGDIR/conf/php-fpm.conf" -sudo cp $PKGDIR/conf/php-fpm.conf "$phpfpm_conf" - +ynh_add_fpm_config # Set SSOwat rules ynh_app_setting_set "$app" unprotected_uris "/" diff --git a/patches/00-ldap-auth.patch b/sources/patches/app-00-ldap-auth.patch similarity index 97% rename from patches/00-ldap-auth.patch rename to sources/patches/app-00-ldap-auth.patch index 2b894d6..f458191 100644 --- a/patches/00-ldap-auth.patch +++ b/sources/patches/app-00-ldap-auth.patch @@ -1,37 +1,37 @@ ---- a/app/config/services.yml 2016-05-25 18:09:56.374914445 +0200 -+++ b/app/config/services.yml 2016-05-25 18:07:38.775042951 +0200 -@@ -36,3 +36,7 @@ - arguments: ["@session"] - tags: - - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } -+ -+ yunohost.ldap: -+ class: Symfony\Component\Ldap\LdapClient -+ arguments: ["localhost"] ---- a/app/config/security.yml 2016-05-25 18:09:46.814645164 +0200 -+++ b/app/config/security.yml 2016-05-25 18:07:38.775042951 +0200 -@@ -11,6 +11,14 @@ - entity: { class: WallabagUserBundle:User, property: username } - fos_userbundle: - id: fos_user.user_provider.username -+ yunohost_users: -+ ldap: -+ service: yunohost.ldap -+ base_dn: ou=users,dc=yunohost,dc=org -+ search_dn: -+ search_password: -+ filter: (&(uid={username})(objectClass=posixAccount)) -+ default_roles: ROLE_USER - - # the main part of the security, where you can set up firewalls - # for specific sections of your app -@@ -36,6 +44,9 @@ - - secured_area: - pattern: ^/ -+ http_basic_ldap: -+ service: yunohost.ldap -+ dn_string: "uid={username},ou=users,dc=yunohost,dc=org" - form_login: - provider: fos_userbundle - csrf_token_generator: security.csrf.token_manager +--- a/app/config/services.yml 2016-05-25 18:09:56.374914445 +0200 ++++ b/app/config/services.yml 2016-05-25 18:07:38.775042951 +0200 +@@ -36,3 +36,7 @@ + arguments: ["@session"] + tags: + - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } ++ ++ yunohost.ldap: ++ class: Symfony\Component\Ldap\LdapClient ++ arguments: ["localhost"] +--- a/app/config/security.yml 2016-05-25 18:09:46.814645164 +0200 ++++ b/app/config/security.yml 2016-05-25 18:07:38.775042951 +0200 +@@ -11,6 +11,14 @@ + entity: { class: WallabagUserBundle:User, property: username } + fos_userbundle: + id: fos_user.user_provider.username ++ yunohost_users: ++ ldap: ++ service: yunohost.ldap ++ base_dn: ou=users,dc=yunohost,dc=org ++ search_dn: ++ search_password: ++ filter: (&(uid={username})(objectClass=posixAccount)) ++ default_roles: ROLE_USER + + # the main part of the security, where you can set up firewalls + # for specific sections of your app +@@ -36,6 +44,9 @@ + + secured_area: + pattern: ^/ ++ http_basic_ldap: ++ service: yunohost.ldap ++ dn_string: "uid={username},ou=users,dc=yunohost,dc=org" + form_login: + provider: fos_userbundle + csrf_token_generator: security.csrf.token_manager diff --git a/patches/01-logout-success-handler.patch b/sources/patches/app-01-logout-success-handler.patch similarity index 97% rename from patches/01-logout-success-handler.patch rename to sources/patches/app-01-logout-success-handler.patch index 1b7a6d9..a3e75fc 100644 --- a/patches/01-logout-success-handler.patch +++ b/sources/patches/app-01-logout-success-handler.patch @@ -1,60 +1,60 @@ -diff --git a/app/config/security.yml b/app/config/security.yml -index b07b509..62f2550 100644 ---- a/app/config/security.yml -+++ b/app/config/security.yml -@@ -60,7 +60,7 @@ security: - - logout: - path: /logout -- target: / -+ success_handler: yunohost.logout_success_handler - - access_control: - - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY } -diff --git a/app/config/services.yml b/app/config/services.yml -index 8a09fde..ee63e06 100644 ---- a/app/config/services.yml -+++ b/app/config/services.yml -@@ -37,6 +37,9 @@ services: - tags: - - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } - -+ yunohost.logout_success_handler: -+ class: Wallabag\YunoHostBundle\Security\LogoutSuccessHandler -+ - yunohost.ldap: - class: Symfony\Component\Ldap\LdapClient - arguments: ["localhost"] -diff --git a/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php -new file mode 100644 -index 0000000..b326824 ---- /dev/null -+++ b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php -@@ -0,0 +1,27 @@ -+